HashiCorp Vault LIST returns all paths regardless of caller policy with no filtering

vault list on a KV mount returns every path even if the calling token has no read/write permission on most of them. Operators cannot scope the list output to paths the user can actually access. The issue has been open since 2018 with 106 reactions. vkv (a third-party tool with 109 stars) does recursive listing but does NOT read Vault policies to filter results; it still shows all paths. No tool exists that reads a token's effective policies and renders only the paths the caller can legitimately operate on.

Score Breakdown

GitHub

165

Social Proof 1 sources

vault list should only show accessible secrets

scarolan · 9/19/2018

165

Gap Assessment

UnderservedExisting solutions leave gaps

8-year-old open issue; vkv solves recursive traversal only, not policy-aware filtering; gap for a CLI that computes effective accessible paths from Vault policy APIs and renders a filtered explorer

Virality Score

165

across 0 platforms

Details

Signalissue

Ecosystemdev_tool_cli

Sources1

Platforms0

Updatedunknown

Trend→ stable

Top ideas

All ideas →

0A web app and Figma plugin that binds relative line-height values to type-scale variables and keeps them in sync across a design system 0A web app that pulls ClickUp logged time entries and renders a real capacity and overload view per person 0A web app and API service that computes Jira agile metrics from the issue API and exposes velocity, burndown, and sprint report data via stable developer-facing endpoints